cvelistv5 - CVE-2021-20599

CVE-2021-20599 (GCVE-0-2021-20599)

Vulnerability from cvelistv5 – Published: 2021-10-14 00:00 – Updated: 2024-08-03 17:45

Summary

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

Assigner

Mitsubishi

References

URL

Tags

	https://www.mitsubishielectric.com/en/psirt/vulne…	vendor-advisory
	https://jvn.jp/vu/JVNVU98578731	government-resource
	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	government-resource

Impacted products

Vendor

Product

Version

Mitsubishi Electric Corporation

MELSEC iQ-R Series Safety CPU R08SFCPU

Affected: Firmware versions "26" and prior

Mitsubishi Electric Corporation	MELSEC iQ-R series Safety CPU R16SFCPU	Affected: Firmware versions "26" and prior
Mitsubishi Electric Corporation	MELSEC iQ-R series Safety CPU R32SFCPU	Affected: Firmware versions "26" and prior
Mitsubishi Electric Corporation	MELSEC iQ-R series Safety CPU R120SFCPU	Affected: Firmware versions "26" and prior
Mitsubishi Electric Corporation	MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU	Affected: Firmware versions "11" and prior
Mitsubishi Electric Corporation	MELSEC iQ-R series SIL2 Process CPU R16PSFCPU	Affected: Firmware versions "11" and prior
Mitsubishi Electric Corporation	MELSEC iQ-R series SIL2 Process CPU R32PSFCPU	Affected: Firmware versions "11" and prior
Mitsubishi Electric Corporation	MELSEC iQ-R series SIL2 Process CPU R120PSFCPU	Affected: Firmware versions "11" and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:melsec_iq-r08sfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "melsec_iq-r08sfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r16sfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r32sfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r120sfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r08psfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r16psfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r32psfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r120psfcpu",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-20599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T20:51:10.357119Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:41.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU98578731"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series Safety CPU R08SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"26\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series Safety CPU R16SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"26\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series Safety CPU R32SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"26\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series Safety CPU R120SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"26\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"11\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series SIL2 Process CPU R16PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"11\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series SIL2 Process CPU R32PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"11\" and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R series SIL2 Process CPU R120PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware versions \"11\" and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."
            }
          ],
          "value": "Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-18T05:28:04.068Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU98578731"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2021-20599",
    "datePublished": "2021-10-14T00:00:00",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:44.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66D3AC7B-50E0-47D5-B0D1-07329D724EFE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B185323A-C9E3-48A0-AD28-DA7AC7846E18\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA81D5C7-46C8-4F0E-9550-D240DC0366F3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4BBE066-33C4-4410-85D3-4B77B3773330\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FB53D61-6C69-4A4A-92B1-C10D0B8F0EC9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F6304BE-DAEE-49AB-B0B1-CEE6878CBECE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8218130C-4E7D-4FB9-976B-2351977C82D4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"515BDC46-5A1C-4A94-816A-B4751BB1B58D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A63D33D-302A-428C-986F-FC3F83CE9C86\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA37F2FC-8F75-4FEA-882D-87AD5CC1558E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFB42739-E503-44B2-A020-0DB2B8791A81\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17AD5875-B7D7-498B-9484-23049753133E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B1F532B-8EAF-4E66-9AF5-5EEFF5A0BC23\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EC2594C-6067-40BA-B8B2-AEC9B9C7922F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2C03EA2-34BF-4F86-A19C-2818788E092B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA3FB3E1-D7D3-424B-A207-D3C6F4365D12\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \\\"26\\\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \\\"11\\\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de transmisi\\u00f3n de texto claro de informaci\\u00f3n sensible en las versiones de firmware \\\"26\\\" y anteriores de la CPU de seguridad R08/16/32/120SFCPU de la serie iQ-R de MELSEC y en la CPU de proceso SIL2 R08/16/32/120PSFCPU de la serie iQ-R de MELSEC, en todas sus versiones, permite que un atacante remoto no autenticado inicie sesi\\u00f3n en un m\\u00f3dulo de CPU objetivo obteniendo credenciales distintas de la contrase\\u00f1a\"}]",
      "id": "CVE-2021-20599",
      "lastModified": "2024-11-21T05:46:51.317",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-10-14T15:15:08.827",
      "references": "[{\"url\": \"https://jvn.jp/vu/JVNVU98578731\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU98578731\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20599\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2021-10-14T15:15:08.827\",\"lastModified\":\"2024-11-21T05:46:51.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \\\"26\\\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \\\"11\\\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de transmisi\u00f3n de texto claro de informaci\u00f3n sensible en las versiones de firmware \\\"26\\\" y anteriores de la CPU de seguridad R08/16/32/120SFCPU de la serie iQ-R de MELSEC y en la CPU de proceso SIL2 R08/16/32/120PSFCPU de la serie iQ-R de MELSEC, en todas sus versiones, permite que un atacante remoto no autenticado inicie sesi\u00f3n en un m\u00f3dulo de CPU objetivo obteniendo credenciales distintas de la contrase\u00f1a\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66D3AC7B-50E0-47D5-B0D1-07329D724EFE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B185323A-C9E3-48A0-AD28-DA7AC7846E18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA81D5C7-46C8-4F0E-9550-D240DC0366F3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4BBE066-33C4-4410-85D3-4B77B3773330\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FB53D61-6C69-4A4A-92B1-C10D0B8F0EC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F6304BE-DAEE-49AB-B0B1-CEE6878CBECE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8218130C-4E7D-4FB9-976B-2351977C82D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"515BDC46-5A1C-4A94-816A-B4751BB1B58D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A63D33D-302A-428C-986F-FC3F83CE9C86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA37F2FC-8F75-4FEA-882D-87AD5CC1558E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFB42739-E503-44B2-A020-0DB2B8791A81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17AD5875-B7D7-498B-9484-23049753133E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B1F532B-8EAF-4E66-9AF5-5EEFF5A0BC23\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EC2594C-6067-40BA-B8B2-AEC9B9C7922F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C03EA2-34BF-4F86-A19C-2818788E092B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA3FB3E1-D7D3-424B-A207-D3C6F4365D12\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU98578731\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU98578731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU98578731\", \"tags\": [\"government-resource\", \"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03\", \"tags\": [\"government-resource\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T17:45:44.681Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-20599\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-22T20:51:10.357119Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:mitsubishielectric:melsec_iq-r08sfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"melsec_iq-r08sfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"r16sfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"r32sfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"r120sfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"r08psfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"r16psfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"r32psfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*\"], \"vendor\": \"mitsubishielectric\", \"product\": \"r120psfcpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-22T20:56:35.290Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R Series Safety CPU R08SFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"26\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R series Safety CPU R16SFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"26\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R series Safety CPU R32SFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"26\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R series Safety CPU R120SFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"26\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"11\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R series SIL2 Process CPU R16PSFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"11\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R series SIL2 Process CPU R32PSFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"11\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"MELSEC iQ-R series SIL2 Process CPU R120PSFCPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"Firmware versions \\\"11\\\" and prior\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU98578731\", \"tags\": [\"government-resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \\\"26\\\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \\\"11\\\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \\\"26\\\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \\\"11\\\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"CWE-319 Cleartext Transmission of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"shortName\": \"Mitsubishi\", \"dateUpdated\": \"2024-04-18T05:28:04.068Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-20599\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-03T17:45:44.681Z\", \"dateReserved\": \"2020-12-17T00:00:00\", \"assignerOrgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"datePublished\": \"2021-10-14T00:00:00\", \"assignerShortName\": \"Mitsubishi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ICSA-21-287-03

Vulnerability from csaf_cisa - Published: 2021-08-06 06:00 - Updated: 2024-04-18 06:00

Summary

Mitsubishi Electric MELSEC iQ-R Series

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow a remote attacker to be able to log in to the CPU module by obtaining credentials.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ivan Speziale"
        ],
        "organization": "Nozomi Networks",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow a remote attacker to be able to log in to the CPU module by obtaining credentials.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.  CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-287-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-287-03.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-21-287-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric MELSEC iQ-R Series",
    "tracking": {
      "current_release_date": "2024-04-18T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-21-287-03",
      "initial_release_date": "2021-08-06T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-08-06T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2021-10-14T06:00:00.000000Z",
          "legacy_version": "Update A",
          "number": "2",
          "summary": "Update A - Changed affected products and mitigation sections."
        },
        {
          "date": "2024-04-18T06:00:00.000000Z",
          "legacy_version": "Update B",
          "number": "3",
          "summary": "Update B - Added mitigations for MELSEC iQ-R series SIL2 Process CPU"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=26",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series Safety CPU R08SFCPU Firmware: \u003c=26",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series Safety CPU R08SFCPU Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=26",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series Safety CPU R16SFCPU Firmware: \u003c=26",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series Safety CPU R16SFCPU Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=26",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series Safety CPU R32SFCPU Firmware: \u003c=26",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series Safety CPU R32SFCPU Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=26",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series Safety CPU R120SFCPU Firmware: \u003c=26",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series Safety CPU R120SFCPU Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=11",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series SIL2 Process CPU R08PSFCPU Firmware: \u003c=11",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series SIL2 Process CPU R08PSFCPU Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=11",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series SIL2 Process CPU R16PSFCPU Firmware: \u003c=11",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series SIL2 Process CPU R16PSFCPU Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=11",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series SIL2 Process CPU R32PSFCPU Firmware: \u003c=11",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series SIL2 Process CPU R32PSFCPU Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=11",
                "product": {
                  "name": "Mitsubishi Electric Corporation MELSEC iQ-R series SIL2 Process CPU R120PSFCPU Firmware: \u003c=11",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R series SIL2 Process CPU R120PSFCPU Firmware"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric Corporation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20599",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthorized remote attacker may be able to log in to the CPU module by obtaining credentials other than password.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20599"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:H/SI:H/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric has prepared the following countermeasures:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU: Firmware versions \"27\" or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU:  Firmware versions \"12\" or later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "Customers using the affected products and versions may take measures through mitigations and workarounds.  Mitsubishi Electric has released the fixed version as shown above, but updating the product to the fixed version is not available.  Mitsubishi Electric recommends users take the following mitigation measures to minimize risk associated with this vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a firewall or virtual private network (VPN) to prevent unauthorized access when Internet access is required.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use within a LAN and block access from untrusted networks and hosts through firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use the IP filter function to restrict the accessible IP addresses.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please refer to the Mitsubishi Electric advisory for further details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2021-20599

Vulnerability from fkie_nvd - Published: 2021-10-14 15:15 - Updated: 2024-11-21 05:46

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://jvn.jp/vu/JVNVU98578731	Third Party Advisory
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU98578731	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03
af854a3a-2127-422b-91ae-364da2661108	https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
mitsubishielectric	r08sfcpu_firmware	*
mitsubishielectric	r08sfcpu	-
mitsubishielectric	r16sfcpu_firmware	*
mitsubishielectric	r16sfcpu	-
mitsubishielectric	r32sfcpu_firmware	*
mitsubishielectric	r32sfcpu	-
mitsubishielectric	r120sfcpu_firmware	*
mitsubishielectric	r120sfcpu	-
mitsubishielectric	r08psfcpu_firmware	*
mitsubishielectric	r08psfcpu	-
mitsubishielectric	r16psfcpu_firmware	*
mitsubishielectric	r16psfcpu	-
mitsubishielectric	r32psfcpu_firmware	*
mitsubishielectric	r32psfcpu	-
mitsubishielectric	r120psfcpu_firmware	*
mitsubishielectric	r120psfcpu	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D3AC7B-50E0-47D5-B0D1-07329D724EFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B185323A-C9E3-48A0-AD28-DA7AC7846E18",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA81D5C7-46C8-4F0E-9550-D240DC0366F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BBE066-33C4-4410-85D3-4B77B3773330",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB53D61-6C69-4A4A-92B1-C10D0B8F0EC9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6304BE-DAEE-49AB-B0B1-CEE6878CBECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8218130C-4E7D-4FB9-976B-2351977C82D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "515BDC46-5A1C-4A94-816A-B4751BB1B58D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A63D33D-302A-428C-986F-FC3F83CE9C86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA37F2FC-8F75-4FEA-882D-87AD5CC1558E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB42739-E503-44B2-A020-0DB2B8791A81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17AD5875-B7D7-498B-9484-23049753133E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1F532B-8EAF-4E66-9AF5-5EEFF5A0BC23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC2594C-6067-40BA-B8B2-AEC9B9C7922F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C03EA2-34BF-4F86-A19C-2818788E092B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3FB3E1-D7D3-424B-A207-D3C6F4365D12",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de transmisi\u00f3n de texto claro de informaci\u00f3n sensible en las versiones de firmware \"26\" y anteriores de la CPU de seguridad R08/16/32/120SFCPU de la serie iQ-R de MELSEC y en la CPU de proceso SIL2 R08/16/32/120PSFCPU de la serie iQ-R de MELSEC, en todas sus versiones, permite que un atacante remoto no autenticado inicie sesi\u00f3n en un m\u00f3dulo de CPU objetivo obteniendo credenciales distintas de la contrase\u00f1a"
    }
  ],
  "id": "CVE-2021-20599",
  "lastModified": "2024-11-21T05:46:51.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-14T15:15:08.827",
  "references": [
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU98578731"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
    },
    {
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/vu/JVNVU98578731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
    }
  ],
  "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GSD-2021-20599

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Aliases

CVE-2021-20599

Aliases

CVE-2021-20599

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20599",
    "description": "Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.",
    "id": "GSD-2021-20599"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20599"
      ],
      "details": "Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.",
      "id": "GSD-2021-20599",
      "modified": "2023-12-13T01:23:12.434212Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "ID": "CVE-2021-20599",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MELSEC iQ-R Series Safety CPU R08SFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"26\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R series Safety CPU R16SFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"26\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R series Safety CPU R32SFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"26\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R series Safety CPU R120SFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"26\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R Series SIL2 Process CPU R08PSFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"11\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R series SIL2 Process CPU R16PSFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"11\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R series SIL2 Process CPU R32PSFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"11\" and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MELSEC iQ-R series SIL2 Process CPU R120PSFCPU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firmware versions \"11\" and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mitsubishi Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-319",
                "lang": "eng",
                "value": "CWE-319 Cleartext Transmission of Sensitive Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf",
            "refsource": "MISC",
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU98578731",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU98578731"
          },
          {
            "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r08sfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "66D3AC7B-50E0-47D5-B0D1-07329D724EFE",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r08sfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B185323A-C9E3-48A0-AD28-DA7AC7846E18",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r16sfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AA81D5C7-46C8-4F0E-9550-D240DC0366F3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r16sfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C4BBE066-33C4-4410-85D3-4B77B3773330",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r32sfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7FB53D61-6C69-4A4A-92B1-C10D0B8F0EC9",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r32sfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6F6304BE-DAEE-49AB-B0B1-CEE6878CBECE",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r120sfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8218130C-4E7D-4FB9-976B-2351977C82D4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r120sfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "515BDC46-5A1C-4A94-816A-B4751BB1B58D",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r08psfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5A63D33D-302A-428C-986F-FC3F83CE9C86",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r08psfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EA37F2FC-8F75-4FEA-882D-87AD5CC1558E",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r16psfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FFB42739-E503-44B2-A020-0DB2B8791A81",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r16psfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "17AD5875-B7D7-498B-9484-23049753133E",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r32psfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3B1F532B-8EAF-4E66-9AF5-5EEFF5A0BC23",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r32psfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0EC2594C-6067-40BA-B8B2-AEC9B9C7922F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:mitsubishielectric:r120psfcpu_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B2C03EA2-34BF-4F86-A19C-2818788E092B",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:mitsubishielectric:r120psfcpu:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CA3FB3E1-D7D3-424B-A207-D3C6F4365D12",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions \"11\" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."
          },
          {
            "lang": "es",
            "value": "La vulnerabilidad de transmisi\u00f3n de texto claro de informaci\u00f3n sensible en las versiones de firmware \"26\" y anteriores de la CPU de seguridad R08/16/32/120SFCPU de la serie iQ-R de MELSEC y en la CPU de proceso SIL2 R08/16/32/120PSFCPU de la serie iQ-R de MELSEC, en todas sus versiones, permite que un atacante remoto no autenticado inicie sesi\u00f3n en un m\u00f3dulo de CPU objetivo obteniendo credenciales distintas de la contrase\u00f1a"
          }
        ],
        "id": "CVE-2021-20599",
        "lastModified": "2024-04-18T06:15:06.627",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.2,
              "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
              "type": "Secondary"
            }
          ]
        },
        "published": "2021-10-14T15:15:08.827",
        "references": [
          {
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://jvn.jp/vu/JVNVU98578731"
          },
          {
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
          },
          {
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
          }
        ],
        "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-319"
              }
            ],
            "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-639"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

GHSA-VF46-VQQ9-HG36

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17

Details

Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319",
      "CWE-639",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-14T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.",
  "id": "GHSA-vf46-vqq9-hg36",
  "modified": "2022-05-24T19:17:36Z",
  "published": "2022-05-24T19:17:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20599"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU98578731"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20599 (GCVE-0-2021-20599)

ICSA-21-287-03

FKIE_CVE-2021-20599

GSD-2021-20599

GHSA-VF46-VQQ9-HG36

Tags

Sightings

Nomenclature